package org.apache.ranger.authorization.sqoop.authorizer;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.plugin.policyengine.RangerAccessResult;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.security.AuthorizationValidator;
import org.apache.sqoop.security.SecurityError;

/* loaded from: input_file:org/apache/ranger/authorization/sqoop/authorizer/RangerSqoopAuthorizer.class */
public class RangerSqoopAuthorizer extends AuthorizationValidator {
    private static final Log LOG = LogFactory.getLog(RangerSqoopAuthorizer.class);
    private static volatile RangerSqoopPlugin sqoopPlugin = null;
    private static String clientIPAddress = null;

    public RangerSqoopAuthorizer() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerSqoopAuthorizer.RangerSqoopAuthorizer()");
        }
        init();
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerSqoopAuthorizer.RangerSqoopAuthorizer()");
        }
    }

    public void init() {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerSqoopAuthorizer.init()");
        }
        if (sqoopPlugin == null) {
            synchronized (RangerSqoopAuthorizer.class) {
                if (sqoopPlugin == null) {
                    RangerSqoopPlugin rangerSqoopPlugin = new RangerSqoopPlugin();
                    rangerSqoopPlugin.init();
                    sqoopPlugin = rangerSqoopPlugin;
                    clientIPAddress = getClientIPAddress();
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerSqoopAuthorizer.init()");
        }
    }

    public void checkPrivileges(MPrincipal mPrincipal, List<MPrivilege> list) throws SqoopException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> RangerSqoopAuthorizer.checkPrivileges( principal=" + mPrincipal + ", privileges=" + list + ")");
        }
        if (CollectionUtils.isEmpty(list)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("<== RangerSqoopAuthorizer.checkPrivileges() return because privileges is empty.");
                return;
            }
            return;
        }
        RangerSqoopPlugin rangerSqoopPlugin = sqoopPlugin;
        String clusterName = sqoopPlugin.getClusterName();
        if (rangerSqoopPlugin != null) {
            for (MPrivilege mPrivilege : list) {
                RangerAccessResult isAccessAllowed = rangerSqoopPlugin.isAccessAllowed(new RangerSqoopAccessRequest(mPrincipal, mPrivilege, clusterName, clientIPAddress));
                if (isAccessAllowed != null && !isAccessAllowed.getIsAllowed()) {
                    throw new SqoopException(SecurityError.AUTH_0014, "principal=" + mPrincipal + " does not have privileges for : " + mPrivilege);
                }
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("<== RangerSqoopAuthorizer.checkPrivileges() success without exception.");
        }
    }

    private String getClientIPAddress() {
        InetAddress inetAddress = null;
        try {
            inetAddress = InetAddress.getLocalHost();
        } catch (UnknownHostException e) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Failed to get Client IP Address" + e);
            }
        }
        String str = null;
        if (inetAddress != null) {
            str = inetAddress.getHostAddress();
        }
        return str;
    }
}
